VM NSG的应用程序网关 [英] Application gateway to VM NSG
问题描述
我正在尝试使用应用程序网关设置一个简单的概念验证,以使用多因素身份验证来代理与Web应用程序的连接。 Azure托管的VM(在此测试用例中只是服务器2012上的IIS)
I'm trying to set up a simple proof of concept using an application gateway to use multi factor authentication to broker a connection to a web app on a Azure hosted VM (in this test case just IIS on server 2012)
我已经把它运行到了一个点,但是为了做到这一点,我不得不允许端口80从任何分配给服务器2012 VM的NSG。由于我目前有一个分配给VM的公共IP地址,这似乎不正确,因为它允许连接
直接绕过应用程序网关的VM?
I've got it up and running to a point, however in order to do this I have had to allow port 80 from any on the NSG assigned to the server 2012 VM. As I currently have a public ip address assigned to the VM this doesn't seem correct as it would allow connections direct to the VM bypassing the application gateway?
我有这个前一段时间设置代理使用应用程序代理和连接器连接到内部Web服务器,但我猜测在这种情况下,VM是使用应用程序代理在Azure中托管的云是没有意义的,因为这是纯粹使用的
用于访问公开的应用程序?
I had this set up a while ago to broker connections to an on prem web server using an application proxy and the connectors but I'm guessing as in this scenario the VM is cloud hosted in Azure using an application proxy is pointless as that is purely used for accessing on prem applications?
如果有人能够清除困惑并指出我正确的方向做到这一点,我们将不胜感激。
If anyone could clear up the confusion and point me in the right direction of the best way to do this it'd be appreciated.
谢谢,
马特
推荐答案
Hi,
如果您的应用程序网关具有公共IP地址并且您将VM的专用IP添加到应用程序网关的后端池,那么您不需要需要允许端口80,因为应用程序网关将通过其专用IP地址与您的VM进行通信。
If your Application gateway has a public IP address and you add the VM's Private IP to the backend pool of Application gateway, then you don't need to allow port 80 as Application gateway will communicate to your VM via its Private IP address.
您将访问应用程序网关,它将充当反向代理,然后使用其实例IP与Vm进行通信。
You will access Application gateway and it act as a reverse proxy and then communicate to the Vm using its instance IP.
问候,
Msrini
这篇关于VM NSG的应用程序网关的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
